From 2b4415248e96cfb292d527514a63f57e9d518f8416337ea7633a0fe3123b345f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 2 Aug 2024 15:16:09 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main openssh revision 80f1dfa5523715d1a8c3544a6ac6af74 --- ...tly-restore-sigprocmask-around-ppoll.patch | 55 ++ ...iplexing-mode_-broken-when-keystroke.patch | 32 + ...bscureKeystrokeTiming-chaff-packets_.patch | 38 + README.SUSE | 7 + fix-CVE-2024-6387.patch | 19 + openssh-6.6p1-privsep-selinux.patch | 2 +- openssh-7.7p1-allow_root_password_login.patch | 59 ++ openssh-7.7p1-fips.patch | 4 +- openssh-7.7p1-ldap.patch | 6 +- openssh-8.0p1-gssapi-keyex.patch | 5 +- openssh-9.6p1-crypto-policies-man.patch | 648 ++++++++++++++++++ openssh-9.6p1-crypto-policies.patch | 43 ++ openssh-mitigate-lingering-secrets.patch | 344 ++++++++++ openssh.changes | 150 +++- openssh.spec | 111 ++- 15 files changed, 1501 insertions(+), 22 deletions(-) create mode 100644 0001-upstream-correctly-restore-sigprocmask-around-ppoll.patch create mode 100644 0001-upstream-fix-proxy-multiplexing-mode_-broken-when-keystroke.patch create mode 100644 0001-upstream-when-sending-ObscureKeystrokeTiming-chaff-packets_.patch create mode 100644 fix-CVE-2024-6387.patch create mode 100644 openssh-7.7p1-allow_root_password_login.patch create mode 100644 openssh-9.6p1-crypto-policies-man.patch create mode 100644 openssh-9.6p1-crypto-policies.patch create mode 100644 openssh-mitigate-lingering-secrets.patch diff --git a/0001-upstream-correctly-restore-sigprocmask-around-ppoll.patch b/0001-upstream-correctly-restore-sigprocmask-around-ppoll.patch new file mode 100644 index 0000000..25a13fe --- /dev/null +++ b/0001-upstream-correctly-restore-sigprocmask-around-ppoll.patch @@ -0,0 +1,55 @@ +From 66aaa678dbe59aa21d0d9d89a3596ecedde0254b Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Tue, 30 Apr 2024 02:14:10 +0000 +Subject: [PATCH] upstream: correctly restore sigprocmask around ppoll() + reported +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +by Tõivo Leedjärv; ok deraadt@ + +OpenBSD-Commit-ID: c0c0f89de5294a166578f071eade2501929c4686 +--- + clientloop.c | 4 ++-- + serverloop.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/clientloop.c b/clientloop.c +index be8bb5fc1f2..8ea2ada4216 100644 +--- a/clientloop.c ++++ b/clientloop.c +#@@ -1,4 +1,4 @@ +#-/* $OpenBSD: clientloop.c,v 1.404 2024/04/30 02:10:49 djm Exp $ */ +#+/* $OpenBSD: clientloop.c,v 1.405 2024/04/30 02:14:10 djm Exp $ */ +# /* +# * Author: Tatu Ylonen +# * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland +@@ -1585,7 +1585,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, + client_wait_until_can_do_something(ssh, &pfd, &npfd_alloc, + &npfd_active, channel_did_enqueue, &osigset, + &conn_in_ready, &conn_out_ready); +- if (sigprocmask(SIG_UNBLOCK, &bsigset, &osigset) == -1) ++ if (sigprocmask(SIG_SETMASK, &osigset, NULL) == -1) + error_f("osigset sigprocmask: %s", strerror(errno)); + + if (quit_pending) +diff --git a/serverloop.c b/serverloop.c +index f3683c2e4a6..94c8943a616 100644 +--- a/serverloop.c ++++ b/serverloop.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: serverloop.c,v 1.237 2023/08/21 04:59:54 djm Exp $ */ ++/* $OpenBSD: serverloop.c,v 1.238 2024/04/30 02:14:10 djm Exp $ */ + /* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland +@@ -380,7 +380,7 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt) + wait_until_can_do_something(ssh, connection_in, connection_out, + &pfd, &npfd_alloc, &npfd_active, &osigset, + &conn_in_ready, &conn_out_ready); +- if (sigprocmask(SIG_UNBLOCK, &bsigset, &osigset) == -1) ++ if (sigprocmask(SIG_SETMASK, &osigset, NULL) == -1) + error_f("osigset sigprocmask: %s", strerror(errno)); + + if (received_sigterm) { diff --git a/0001-upstream-fix-proxy-multiplexing-mode_-broken-when-keystroke.patch b/0001-upstream-fix-proxy-multiplexing-mode_-broken-when-keystroke.patch new file mode 100644 index 0000000..feffd9c --- /dev/null +++ b/0001-upstream-fix-proxy-multiplexing-mode_-broken-when-keystroke.patch @@ -0,0 +1,32 @@ +From 9844aa2521ccfb1a2d73745680327b79e0574445 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 21 Feb 2024 05:57:34 +0000 +Subject: [PATCH] upstream: fix proxy multiplexing mode, broken when keystroke + timing + +obfuscation was added. GHPR#463 from montag451 + +OpenBSD-Commit-ID: 4e412d59b3f557d431f1d81c715a3bc0491cc677 +--- + clientloop.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/clientloop.c b/clientloop.c +index eb4902905fb..8ec36af94b3 100644 +--- a/clientloop.c ++++ b/clientloop.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: clientloop.c,v 1.402 2023/11/24 00:31:30 dtucker Exp $ */ ++/* $OpenBSD: clientloop.c,v 1.403 2024/02/21 05:57:34 djm Exp $ */ + /* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland +@@ -517,7 +517,7 @@ send_chaff(struct ssh *ssh) + { + int r; + +- if ((ssh->kex->flags & KEX_HAS_PING) == 0) ++ if (ssh->kex == NULL || (ssh->kex->flags & KEX_HAS_PING) == 0) + return 0; + /* XXX probabilistically send chaff? */ + /* diff --git a/0001-upstream-when-sending-ObscureKeystrokeTiming-chaff-packets_.patch b/0001-upstream-when-sending-ObscureKeystrokeTiming-chaff-packets_.patch new file mode 100644 index 0000000..6229cba --- /dev/null +++ b/0001-upstream-when-sending-ObscureKeystrokeTiming-chaff-packets_.patch @@ -0,0 +1,38 @@ +From 146c420d29d055cc75c8606327a1cf8439fe3a08 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Mon, 1 Jul 2024 04:31:17 +0000 +Subject: [PATCH] upstream: when sending ObscureKeystrokeTiming chaff packets, + we + +can't rely on channel_did_enqueue to tell that there is data to send. This +flag indicates that the channels code enqueued a packet on _this_ ppoll() +iteration, not that data was enqueued in _any_ ppoll() iteration in the +timeslice. ok markus@ + +OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 +--- + clientloop.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/clientloop.c b/clientloop.c +index 0b6f3c9be02..8ed8b1c3449 100644 +--- a/clientloop.c ++++ b/clientloop.c +#@@ -1,4 +1,4 @@ +#-/* $OpenBSD: clientloop.c,v 1.407 2024/05/17 06:42:04 jsg Exp $ */ +#+/* $OpenBSD: clientloop.c,v 1.408 2024/07/01 04:31:17 djm Exp $ */ +# /* +# * Author: Tatu Ylonen +# * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland +@@ -607,8 +607,9 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout, + if (timespeccmp(&now, &chaff_until, >=)) { + /* Stop if there have been no keystrokes for a while */ + stop_reason = "chaff time expired"; +- } else if (timespeccmp(&now, &next_interval, >=)) { +- /* Otherwise if we were due to send, then send chaff */ ++ } else if (timespeccmp(&now, &next_interval, >=) && ++ !ssh_packet_have_data_to_write(ssh)) { ++ /* If due to send but have no data, then send chaff */ + if (send_chaff(ssh)) + nchaff++; + } diff --git a/README.SUSE b/README.SUSE index cb1f82b..1350a12 100644 --- a/README.SUSE +++ b/README.SUSE @@ -5,6 +5,13 @@ There are following changes in default settings of ssh client and server: * PAM authentication is enabled and mostly even required, do not turn it off. +* In SLE15, root authentiation with password is enabled by default + (PermitRootLogin yes). + NOTE: this has security implications and is only done in order to not change + behaviour of the server in an update. We strongly suggest setting this option + either "prohibit-password" or even better to "no" (which disables direct + remote root login entirely). + * DSA authentication is enabled by default for maximum compatibility. NOTE: do not use DSA authentication since it is being phased out for a reason - the size of DSA keys is limited by the standard to 1024 bits which cannot diff --git a/fix-CVE-2024-6387.patch b/fix-CVE-2024-6387.patch new file mode 100644 index 0000000..ba9d506 --- /dev/null +++ b/fix-CVE-2024-6387.patch @@ -0,0 +1,19 @@ +Index: openssh-9.6p1/log.c +=================================================================== +--- openssh-9.6p1.orig/log.c ++++ openssh-9.6p1/log.c +@@ -451,12 +451,14 @@ void + sshsigdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) + { ++#if 0 + va_list args; + + va_start(args, fmt); + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, + suffix, fmt, args); + va_end(args); ++#endif + _exit(1); + } + diff --git a/openssh-6.6p1-privsep-selinux.patch b/openssh-6.6p1-privsep-selinux.patch index c3b6268..805a0f8 100644 --- a/openssh-6.6p1-privsep-selinux.patch +++ b/openssh-6.6p1-privsep-selinux.patch @@ -114,7 +114,7 @@ Index: openssh-9.3p2/sshd.c if (privsep_chroot) { /* Change our root directory */ @@ -602,6 +606,9 @@ privsep_postauth(struct ssh *ssh, Authct - { + #ifdef DISABLE_FD_PASSING if (1) { +#elif defined(WITH_SELINUX) diff --git a/openssh-7.7p1-allow_root_password_login.patch b/openssh-7.7p1-allow_root_password_login.patch new file mode 100644 index 0000000..815b8a5 --- /dev/null +++ b/openssh-7.7p1-allow_root_password_login.patch @@ -0,0 +1,59 @@ +# HG changeset patch +# Parent af43d436bc7fe818dd976c923ad99b89051eb299 +Allow root login with password by default. While less secure than upstream +default of forbidding access to the root account with a password, we are +temporarily introducing this change to keep the default used in older OpenSSH +versions shipped with SLE. + +Index: openssh-8.4p1/servconf.c +=================================================================== +--- openssh-8.4p1.orig/servconf.c ++++ openssh-8.4p1/servconf.c +@@ -329,7 +329,7 @@ fill_default_server_options(ServerOption + if (options->login_grace_time == -1) + options->login_grace_time = 120; + if (options->permit_root_login == PERMIT_NOT_SET) +- options->permit_root_login = PERMIT_NO_PASSWD; ++ options->permit_root_login = PERMIT_YES; + if (options->ignore_rhosts == -1) + options->ignore_rhosts = 1; + if (options->ignore_user_known_hosts == -1) +Index: openssh-8.4p1/sshd_config +=================================================================== +--- openssh-8.4p1.orig/sshd_config ++++ openssh-8.4p1/sshd_config +@@ -29,7 +29,7 @@ + # Authentication: + + #LoginGraceTime 2m +-#PermitRootLogin prohibit-password ++PermitRootLogin yes + #StrictModes yes + #MaxAuthTries 6 + #MaxSessions 10 +Index: openssh-8.4p1/sshd_config.0 +=================================================================== +--- openssh-8.4p1.orig/sshd_config.0 ++++ openssh-8.4p1/sshd_config.0 +@@ -778,7 +778,7 @@ DESCRIPTION + PermitRootLogin + Specifies whether root can log in using ssh(1). The argument + must be yes, prohibit-password, forced-commands-only, or no. The +- default is prohibit-password. ++ default is yes. + + If this option is set to prohibit-password (or its deprecated + alias, without-password), password and keyboard-interactive +Index: openssh-8.4p1/sshd_config.5 +=================================================================== +--- openssh-8.4p1.orig/sshd_config.5 ++++ openssh-8.4p1/sshd_config.5 +@@ -1331,7 +1331,7 @@ The argument must be + or + .Cm no . + The default is +-.Cm prohibit-password . ++.Cm yes . + .Pp + If this option is set to + .Cm prohibit-password diff --git a/openssh-7.7p1-fips.patch b/openssh-7.7p1-fips.patch index 31207b8..08b9d30 100644 --- a/openssh-7.7p1-fips.patch +++ b/openssh-7.7p1-fips.patch @@ -39,7 +39,7 @@ Index: openssh-9.6p1/cipher.c #ifdef WITH_OPENSSL #ifndef OPENSSL_NO_DES { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, -@@ -110,8 +113,52 @@ static const struct sshcipher ciphers[] +@@ -110,8 +113,50 @@ static const struct sshcipher ciphers[] { NULL, 0, 0, 0, 0, 0, NULL } }; @@ -53,12 +53,10 @@ Index: openssh-9.6p1/cipher.c + { "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr }, + { "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr }, + { "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr }, -+# ifdef OPENSSL_HAVE_EVPGCM + { "aes128-gcm@openssh.com", + 16, 16, 12, 16, 0, EVP_aes_128_gcm }, + { "aes256-gcm@openssh.com", + 16, 32, 12, 16, 0, EVP_aes_256_gcm }, -+# endif /* OPENSSL_HAVE_EVPGCM */ +#else + { "aes128-ctr", 16, 16, 0, 0, CFLAG_AESCTR, NULL }, + { "aes192-ctr", 16, 24, 0, 0, CFLAG_AESCTR, NULL }, diff --git a/openssh-7.7p1-ldap.patch b/openssh-7.7p1-ldap.patch index 9f11f91..cfa9249 100644 --- a/openssh-7.7p1-ldap.patch +++ b/openssh-7.7p1-ldap.patch @@ -335,7 +335,7 @@ Index: openssh-8.9p1/ldap-helper.c =================================================================== --- /dev/null +++ openssh-8.9p1/ldap-helper.c -@@ -0,0 +1,155 @@ +@@ -0,0 +1,156 @@ +/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* + * Copyright (c) 2009 Jan F. Chadima. All rights reserved. @@ -369,6 +369,7 @@ Index: openssh-8.9p1/ldap-helper.c +#include "ldapbody.h" +#include +#include ++#include + +static int config_debug = 0; +int config_exclusive_config_file = 0; @@ -1175,7 +1176,7 @@ Index: openssh-8.9p1/ldapconf.c =================================================================== --- /dev/null +++ openssh-8.9p1/ldapconf.c -@@ -0,0 +1,711 @@ +@@ -0,0 +1,712 @@ +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* + * Copyright (c) 2009 Jan F. Chadima. All rights reserved. @@ -1209,6 +1210,7 @@ Index: openssh-8.9p1/ldapconf.c +#include "ldapconf.h" +#include +#include ++#include + +/* Keyword tokens. */ + diff --git a/openssh-8.0p1-gssapi-keyex.patch b/openssh-8.0p1-gssapi-keyex.patch index e760f13..2f949b1 100644 --- a/openssh-8.0p1-gssapi-keyex.patch +++ b/openssh-8.0p1-gssapi-keyex.patch @@ -151,7 +151,7 @@ Index: openssh-9.6p1/auth2-gss.c + * The 'gssapi_keyex' userauth mechanism. + */ +static int -+userauth_gsskeyex(struct ssh *ssh) ++userauth_gsskeyex(struct ssh *ssh, const char *method) +{ + Authctxt *authctxt = ssh->authctxt; + int r, authenticated = 0; @@ -213,12 +213,13 @@ Index: openssh-9.6p1/auth2-gss.c else logit("GSSAPI MIC check failed"); -@@ -333,6 +377,12 @@ input_gssapi_mic(int type, u_int32_t ple +@@ -333,6 +377,13 @@ input_gssapi_mic(int type, u_int32_t ple return 0; } +Authmethod method_gsskeyex = { + "gssapi-keyex", ++ "NULL", + userauth_gsskeyex, + &options.gss_authentication +}; diff --git a/openssh-9.6p1-crypto-policies-man.patch b/openssh-9.6p1-crypto-policies-man.patch new file mode 100644 index 0000000..5c386f0 --- /dev/null +++ b/openssh-9.6p1-crypto-policies-man.patch @@ -0,0 +1,648 @@ +Index: openssh-9.6p1/ssh_config.5 +=================================================================== +--- openssh-9.6p1.orig/ssh_config.5 ++++ openssh-9.6p1/ssh_config.5 +@@ -403,17 +403,14 @@ A single argument of + causes no CNAMEs to be considered for canonicalization. + This is the default behaviour. + .It Cm CASignatureAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies which algorithms are allowed for signing of certificates + by certificate authorities (CAs). +-The default is: +-.Bd -literal -offset indent +-ssh-ed25519,ecdsa-sha2-nistp256, +-ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-sk-ssh-ed25519@openssh.com, +-sk-ecdsa-sha2-nistp256@openssh.com, +-rsa-sha2-512,rsa-sha2-256 +-.Ed +-.Pp + If the specified list begins with a + .Sq + + character, then the specified algorithms will be appended to the default set +@@ -542,20 +539,26 @@ If the option is set to + (the default), + the check will not be executed. + .It Cm Ciphers ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the ciphers allowed and their order of preference. + Multiple ciphers must be comma-separated. + If the specified list begins with a + .Sq + +-character, then the specified ciphers will be appended to the default set +-instead of replacing them. ++character, then the specified ciphers will be appended to the built-in ++openssh default set instead of replacing them. + If the specified list begins with a + .Sq - + character, then the specified ciphers (including wildcards) will be removed +-from the default set instead of replacing them. ++from the built-in openssh default set instead of replacing them. + If the specified list begins with a + .Sq ^ + character, then the specified ciphers will be placed at the head of the +-default set. ++built-in openssh default set. + .Pp + The supported ciphers are: + .Bd -literal -offset indent +@@ -571,13 +574,6 @@ aes256-gcm@openssh.com + chacha20-poly1305@openssh.com + .Ed + .Pp +-The default is: +-.Bd -literal -offset indent +-chacha20-poly1305@openssh.com, +-aes128-ctr,aes192-ctr,aes256-ctr, +-aes128-gcm@openssh.com,aes256-gcm@openssh.com +-.Ed +-.Pp + The list of available ciphers may also be obtained using + .Qq ssh -Q cipher . + .It Cm ClearAllForwardings +@@ -979,6 +975,12 @@ command line will be passed untouched to + The default is + .Dq no . + .It Cm GSSAPIKexAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + The list of key exchange algorithms that are offered for GSSAPI + key exchange. Possible values are + .Bd -literal -offset 3n +@@ -991,9 +993,8 @@ gss-nistp256-sha256-, + gss-curve25519-sha256- + .Ed + .Pp +-The default is +-.Dq gss-gex-sha1-,gss-group14-sha1- . + This option only applies to protocol version 2 connections using GSSAPI. ++.Pp + .It Cm HashKnownHosts + Indicates that + .Xr ssh 1 +@@ -1012,36 +1013,26 @@ will not be converted automatically, + but may be manually hashed using + .Xr ssh-keygen 1 . + .It Cm HostbasedAcceptedAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the signature algorithms that will be used for hostbased + authentication as a comma-separated list of patterns. + Alternately if the specified list begins with a + .Sq + + character, then the specified signature algorithms will be appended +-to the default set instead of replacing them. ++to the built-in openssh default set instead of replacing them. + If the specified list begins with a + .Sq - + character, then the specified signature algorithms (including wildcards) +-will be removed from the default set instead of replacing them. ++will be removed from the built-in openssh default set instead of replacing them. + If the specified list begins with a + .Sq ^ + character, then the specified signature algorithms will be placed +-at the head of the default set. +-The default for this option is: +-.Bd -literal -offset 3n +-ssh-ed25519-cert-v01@openssh.com, +-ecdsa-sha2-nistp256-cert-v01@openssh.com, +-ecdsa-sha2-nistp384-cert-v01@openssh.com, +-ecdsa-sha2-nistp521-cert-v01@openssh.com, +-sk-ssh-ed25519-cert-v01@openssh.com, +-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, +-rsa-sha2-512-cert-v01@openssh.com, +-rsa-sha2-256-cert-v01@openssh.com, +-ssh-ed25519, +-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-sk-ssh-ed25519@openssh.com, +-sk-ecdsa-sha2-nistp256@openssh.com, +-rsa-sha2-512,rsa-sha2-256 +-.Ed ++at the head of the built-in openssh default set. + .Pp + The + .Fl Q +@@ -1094,6 +1085,17 @@ to prefer their algorithms. + .Pp + The list of available signature algorithms may also be obtained using + .Qq ssh -Q HostKeyAlgorithms . ++.Pp ++The proposed ++.Cm HostKeyAlgorithms ++during KEX are limited to the set of algorithms that is defined in ++.Cm PubkeyAcceptedAlgorithms ++and therefore they are indirectly affected by system-wide ++.Xr crypto_policies 7 . ++.Xr crypto_policies 7 can not handle the list of host key algorithms directly ++as doing so would break the order given by the ++.Pa known_hosts ++file. + .It Cm HostKeyAlias + Specifies an alias that should be used instead of the + real host name when looking up or saving the host key +@@ -1311,31 +1313,26 @@ it may be zero or more of: + and + .Cm pam . + .It Cm KexAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the available KEX (Key Exchange) algorithms. + Multiple algorithms must be comma-separated. + If the specified list begins with a + .Sq + +-character, then the specified algorithms will be appended to the default set +-instead of replacing them. ++character, then the specified methods will be appended to the built-in ++openssh default set instead of replacing them. + If the specified list begins with a + .Sq - + character, then the specified algorithms (including wildcards) will be removed +-from the default set instead of replacing them. ++from the built-in openssh default set instead of replacing them. + If the specified list begins with a + .Sq ^ + character, then the specified algorithms will be placed at the head of the +-default set. +-The default is: +-.Bd -literal -offset indent +-sntrup761x25519-sha512@openssh.com, +-curve25519-sha256,curve25519-sha256@libssh.org, +-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, +-diffie-hellman-group-exchange-sha256, +-diffie-hellman-group16-sha512, +-diffie-hellman-group18-sha512, +-diffie-hellman-group14-sha256, +-diffie-hellman-group14-sha1 +-.Ed ++built-in openssh default set. + .Pp + The list of available key exchange algorithms may also be obtained using + .Qq ssh -Q kex . +@@ -1445,37 +1442,34 @@ function, and all code in the + file. + This option is intended for debugging and no overrides are enabled by default. + .It Cm MACs ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the MAC (message authentication code) algorithms + in order of preference. + The MAC algorithm is used for data integrity protection. + Multiple algorithms must be comma-separated. + If the specified list begins with a + .Sq + +-character, then the specified algorithms will be appended to the default set +-instead of replacing them. ++character, then the specified algorithms will be appended to the built-in ++openssh default set instead of replacing them. + If the specified list begins with a + .Sq - + character, then the specified algorithms (including wildcards) will be removed +-from the default set instead of replacing them. ++from the built-in openssh default set instead of replacing them. + If the specified list begins with a + .Sq ^ + character, then the specified algorithms will be placed at the head of the +-default set. ++built-in openssh default set. + .Pp + The algorithms that contain + .Qq -etm + calculate the MAC after encryption (encrypt-then-mac). + These are considered safer and their use recommended. + .Pp +-The default is: +-.Bd -literal -offset indent +-umac-64-etm@openssh.com,umac-128-etm@openssh.com, +-hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, +-hmac-sha1-etm@openssh.com, +-umac-64@openssh.com,umac-128@openssh.com, +-hmac-sha2-256,hmac-sha2-512,hmac-sha1 +-.Ed +-.Pp + The list of available MAC algorithms may also be obtained using + .Qq ssh -Q mac . + .It Cm NoHostAuthenticationForLocalhost +@@ -1666,39 +1660,32 @@ instead of continuing to execute and pas + The default is + .Cm no . + .It Cm PubkeyAcceptedAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the signature algorithms that will be used for public key + authentication as a comma-separated list of patterns. + If the specified list begins with a + .Sq + +-character, then the algorithms after it will be appended to the default +-instead of replacing it. ++character, then the algorithms after it will be appended to the built-in ++openssh default instead of replacing it. + If the specified list begins with a + .Sq - + character, then the specified algorithms (including wildcards) will be removed +-from the default set instead of replacing them. ++from the built-in openssh default set instead of replacing them. + If the specified list begins with a + .Sq ^ + character, then the specified algorithms will be placed at the head of the +-default set. +-The default for this option is: +-.Bd -literal -offset 3n +-ssh-ed25519-cert-v01@openssh.com, +-ecdsa-sha2-nistp256-cert-v01@openssh.com, +-ecdsa-sha2-nistp384-cert-v01@openssh.com, +-ecdsa-sha2-nistp521-cert-v01@openssh.com, +-sk-ssh-ed25519-cert-v01@openssh.com, +-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, +-rsa-sha2-512-cert-v01@openssh.com, +-rsa-sha2-256-cert-v01@openssh.com, +-ssh-ed25519, +-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-sk-ssh-ed25519@openssh.com, +-sk-ecdsa-sha2-nistp256@openssh.com, +-rsa-sha2-512,rsa-sha2-256 +-.Ed ++built-in openssh default set. + .Pp + The list of available signature algorithms may also be obtained using + .Qq ssh -Q PubkeyAcceptedAlgorithms . ++.Pp ++This option affects also ++.Cm HostKeyAlgorithms + .It Cm PubkeyAuthentication + Specifies whether to try public key authentication. + The argument to this keyword must be +@@ -2395,7 +2382,9 @@ This file provides the vendor defaults a + configuration file does not exist. + .El + .Sh SEE ALSO +-.Xr ssh 1 ++.Xr ssh 1 , ++.Xr crypto-policies 7 , ++.Xr update-crypto-policies 8 + .Sh AUTHORS + .An -nosplit + OpenSSH is a derivative of the original and free +Index: openssh-9.6p1/sshd_config.5 +=================================================================== +--- openssh-9.6p1.orig/sshd_config.5 ++++ openssh-9.6p1/sshd_config.5 +@@ -381,17 +381,14 @@ If the argument is + then no banner is displayed. + By default, no banner is displayed. + .It Cm CASignatureAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies which algorithms are allowed for signing of certificates + by certificate authorities (CAs). +-The default is: +-.Bd -literal -offset indent +-ssh-ed25519,ecdsa-sha2-nistp256, +-ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-sk-ssh-ed25519@openssh.com, +-sk-ecdsa-sha2-nistp256@openssh.com, +-rsa-sha2-512,rsa-sha2-256 +-.Ed +-.Pp + If the specified list begins with a + .Sq + + character, then the specified algorithms will be appended to the default set +@@ -527,20 +524,26 @@ The default is + indicating not to + .Xr chroot 2 . + .It Cm Ciphers ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the ciphers allowed. + Multiple ciphers must be comma-separated. + If the specified list begins with a + .Sq + +-character, then the specified ciphers will be appended to the default set +-instead of replacing them. ++character, then the specified ciphers will be appended to the built-in ++openssh default set instead of replacing them. + If the specified list begins with a + .Sq - + character, then the specified ciphers (including wildcards) will be removed +-from the default set instead of replacing them. ++from the built-in openssh default set instead of replacing them. + If the specified list begins with a + .Sq ^ + character, then the specified ciphers will be placed at the head of the +-default set. ++built-in openssh default set. + .Pp + The supported ciphers are: + .Pp +@@ -567,13 +570,6 @@ aes256-gcm@openssh.com + chacha20-poly1305@openssh.com + .El + .Pp +-The default is: +-.Bd -literal -offset indent +-chacha20-poly1305@openssh.com, +-aes128-ctr,aes192-ctr,aes256-ctr, +-aes128-gcm@openssh.com,aes256-gcm@openssh.com +-.Ed +-.Pp + The list of available ciphers may also be obtained using + .Qq ssh -Q cipher . + .It Cm ClientAliveCountMax +@@ -764,52 +760,45 @@ For this to work + .Cm GSSAPIKeyExchange + needs to be enabled in the server and also used by the client. + .It Cm GSSAPIKexAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + The list of key exchange algorithms that are accepted by GSSAPI + key exchange. Possible values are + .Bd -literal -offset 3n +-gss-gex-sha1-, +-gss-group1-sha1-, +-gss-group14-sha1-, +-gss-group14-sha256-, +-gss-group16-sha512-, +-gss-nistp256-sha256-, ++gss-gex-sha1- ++gss-group1-sha1- ++gss-group14-sha1- ++gss-group14-sha256- ++gss-group16-sha512- ++gss-nistp256-sha256- + gss-curve25519-sha256- + .Ed +-.Pp +-The default is +-.Dq gss-gex-sha1-,gss-group14-sha1- . + This option only applies to protocol version 2 connections using GSSAPI. + .It Cm HostbasedAcceptedAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the signature algorithms that will be accepted for hostbased + authentication as a list of comma-separated patterns. + Alternately if the specified list begins with a + .Sq + + character, then the specified signature algorithms will be appended to +-the default set instead of replacing them. ++the built-in openssh set instead of replacing them. + If the specified list begins with a + .Sq - + character, then the specified signature algorithms (including wildcards) +-will be removed from the default set instead of replacing them. ++will be removed from the built-in openssh set instead of replacing them. + If the specified list begins with a + .Sq ^ + character, then the specified signature algorithms will be placed at +-the head of the default set. +-The default for this option is: +-.Bd -literal -offset 3n +-ssh-ed25519-cert-v01@openssh.com, +-ecdsa-sha2-nistp256-cert-v01@openssh.com, +-ecdsa-sha2-nistp384-cert-v01@openssh.com, +-ecdsa-sha2-nistp521-cert-v01@openssh.com, +-sk-ssh-ed25519-cert-v01@openssh.com, +-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, +-rsa-sha2-512-cert-v01@openssh.com, +-rsa-sha2-256-cert-v01@openssh.com, +-ssh-ed25519, +-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-sk-ssh-ed25519@openssh.com, +-sk-ecdsa-sha2-nistp256@openssh.com, +-rsa-sha2-512,rsa-sha2-256 +-.Ed ++the head of the built-in openssh default set. + .Pp + The list of available signature algorithms may also be obtained using + .Qq ssh -Q HostbasedAcceptedAlgorithms . +@@ -876,25 +865,15 @@ is specified, the location of the socket + .Ev SSH_AUTH_SOCK + environment variable. + .It Cm HostKeyAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the host key signature algorithms + that the server offers. + The default for this option is: +-.Bd -literal -offset 3n +-ssh-ed25519-cert-v01@openssh.com, +-ecdsa-sha2-nistp256-cert-v01@openssh.com, +-ecdsa-sha2-nistp384-cert-v01@openssh.com, +-ecdsa-sha2-nistp521-cert-v01@openssh.com, +-sk-ssh-ed25519-cert-v01@openssh.com, +-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, +-rsa-sha2-512-cert-v01@openssh.com, +-rsa-sha2-256-cert-v01@openssh.com, +-ssh-ed25519, +-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-sk-ssh-ed25519@openssh.com, +-sk-ecdsa-sha2-nistp256@openssh.com, +-rsa-sha2-512,rsa-sha2-256 +-.Ed +-.Pp + The list of available signature algorithms may also be obtained using + .Qq ssh -Q HostKeyAlgorithms . + .It Cm IgnoreRhosts +@@ -1027,20 +1006,26 @@ file on logout. + The default is + .Cm yes . + .It Cm KexAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the available KEX (Key Exchange) algorithms. + Multiple algorithms must be comma-separated. + Alternately if the specified list begins with a + .Sq + +-character, then the specified algorithms will be appended to the default set +-instead of replacing them. ++character, then the specified methods will be appended to the built-in ++openssh default set instead of replacing them. + If the specified list begins with a + .Sq - + character, then the specified algorithms (including wildcards) will be removed +-from the default set instead of replacing them. ++from the built-in openssh default set instead of replacing them. + If the specified list begins with a + .Sq ^ + character, then the specified algorithms will be placed at the head of the +-default set. ++built-in openssh default set. + The supported algorithms are: + .Pp + .Bl -item -compact -offset indent +@@ -1072,16 +1057,6 @@ ecdh-sha2-nistp521 + sntrup761x25519-sha512@openssh.com + .El + .Pp +-The default is: +-.Bd -literal -offset indent +-sntrup761x25519-sha512@openssh.com, +-curve25519-sha256,curve25519-sha256@libssh.org, +-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, +-diffie-hellman-group-exchange-sha256, +-diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, +-diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 +-.Ed +-.Pp + The list of available key exchange algorithms may also be obtained using + .Qq ssh -Q KexAlgorithms . + .It Cm ListenAddress +@@ -1167,21 +1142,27 @@ function, and all code in the + file. + This option is intended for debugging and no overrides are enabled by default. + .It Cm MACs ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the available MAC (message authentication code) algorithms. + The MAC algorithm is used for data integrity protection. + Multiple algorithms must be comma-separated. + If the specified list begins with a + .Sq + +-character, then the specified algorithms will be appended to the default set +-instead of replacing them. ++character, then the specified algorithms will be appended to the built-in ++openssh default set instead of replacing them. + If the specified list begins with a + .Sq - + character, then the specified algorithms (including wildcards) will be removed +-from the default set instead of replacing them. ++from the built-in openssh default set instead of replacing them. + If the specified list begins with a + .Sq ^ + character, then the specified algorithms will be placed at the head of the +-default set. ++built-in openssh default set. + .Pp + The algorithms that contain + .Qq -etm +@@ -1224,15 +1205,6 @@ umac-64-etm@openssh.com + umac-128-etm@openssh.com + .El + .Pp +-The default is: +-.Bd -literal -offset indent +-umac-64-etm@openssh.com,umac-128-etm@openssh.com, +-hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, +-hmac-sha1-etm@openssh.com, +-umac-64@openssh.com,umac-128@openssh.com, +-hmac-sha2-256,hmac-sha2-512,hmac-sha1 +-.Ed +-.Pp + The list of available MAC algorithms may also be obtained using + .Qq ssh -Q mac . + .It Cm Match +@@ -1614,36 +1586,26 @@ or equivalent.) + The default is + .Cm yes . + .It Cm PubkeyAcceptedAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++Information about defaults, how to modify the defaults and how to customize ++existing policies with sub-policies are present in manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the signature algorithms that will be accepted for public key + authentication as a list of comma-separated patterns. + Alternately if the specified list begins with a + .Sq + +-character, then the specified algorithms will be appended to the default set +-instead of replacing them. ++character, then the specified algorithms will be appended to the built-in ++openssh default set instead of replacing them. + If the specified list begins with a + .Sq - + character, then the specified algorithms (including wildcards) will be removed +-from the default set instead of replacing them. ++from the built-in openssh default set instead of replacing them. + If the specified list begins with a + .Sq ^ + character, then the specified algorithms will be placed at the head of the +-default set. +-The default for this option is: +-.Bd -literal -offset 3n +-ssh-ed25519-cert-v01@openssh.com, +-ecdsa-sha2-nistp256-cert-v01@openssh.com, +-ecdsa-sha2-nistp384-cert-v01@openssh.com, +-ecdsa-sha2-nistp521-cert-v01@openssh.com, +-sk-ssh-ed25519-cert-v01@openssh.com, +-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, +-rsa-sha2-512-cert-v01@openssh.com, +-rsa-sha2-256-cert-v01@openssh.com, +-ssh-ed25519, +-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-sk-ssh-ed25519@openssh.com, +-sk-ecdsa-sha2-nistp256@openssh.com, +-rsa-sha2-512,rsa-sha2-256 +-.Ed ++built-in openssh default set. + .Pp + The list of available signature algorithms may also be obtained using + .Qq ssh -Q PubkeyAcceptedAlgorithms . +@@ -2122,7 +2084,9 @@ This file should be writable by root onl + .El + .Sh SEE ALSO + .Xr sftp-server 8 , +-.Xr sshd 8 ++.Xr sshd 8 , ++.Xr crypto-policies 7 , ++.Xr update-crypto-policies 8 + .Sh AUTHORS + .An -nosplit + OpenSSH is a derivative of the original and free diff --git a/openssh-9.6p1-crypto-policies.patch b/openssh-9.6p1-crypto-policies.patch new file mode 100644 index 0000000..f3cfc4c --- /dev/null +++ b/openssh-9.6p1-crypto-policies.patch @@ -0,0 +1,43 @@ +Index: openssh-9.6p1/ssh_config +=================================================================== +--- openssh-9.6p1.orig/ssh_config ++++ openssh-9.6p1/ssh_config +@@ -17,6 +17,12 @@ + # list of available options, their meanings and defaults, please see the + # ssh_config(5) man page. + ++# This system is following system-wide crypto policies. ++# To modify the crypto properties (Ciphers, MACs, ...), create a *.conf ++# file under /etc/ssh/ssh_config.d/ which will be automatically ++# included below. For more information, see the manual pages for ++# update-crypto-policies(8) and ssh_config(5). ++ + # To modify the system-wide ssh configuration, create a "*.conf" file under + # "/etc/ssh/ssh_config.d/" which will be automatically included below. + # Don't edit this configuration file itself if possible to avoid update +Index: openssh-9.6p1/ssh_config_suse +=================================================================== +--- /dev/null ++++ openssh-9.6p1/ssh_config_suse +@@ -0,0 +1,9 @@ ++# The options here are in the "Match final block" to be applied as the last ++# options and could be potentially overwritten by the user configuration ++Match final all ++ # Follow system-wide Crypto Policy, if defined: ++ Include /etc/crypto-policies/back-ends/openssh.config ++ ++# Uncomment this if you want to use .local domain ++# Host *.local ++ +Index: openssh-9.6p1/sshd_config_suse_cp +=================================================================== +--- /dev/null ++++ openssh-9.6p1/sshd_config_suse_cp +@@ -0,0 +1,7 @@ ++# This system is following system-wide crypto policy. The changes to ++# crypto properties (Ciphers, MACs, ...) will not have any effect in ++# this or following included files. To override some configuration option, ++# write it before this block or include it before this file. ++# Please, see manual pages for update-crypto-policies(8) and sshd_config(5). ++Include /etc/crypto-policies/back-ends/opensshserver.config ++ diff --git a/openssh-mitigate-lingering-secrets.patch b/openssh-mitigate-lingering-secrets.patch new file mode 100644 index 0000000..9422abd --- /dev/null +++ b/openssh-mitigate-lingering-secrets.patch @@ -0,0 +1,344 @@ +Index: openssh-9.3p2/kex.c +=================================================================== +--- openssh-9.3p2.orig/kex.c ++++ openssh-9.3p2/kex.c +@@ -1564,16 +1564,16 @@ enc_destroy(struct sshenc *enc) + return; + + if (enc->key) { +- memset(enc->key, 0, enc->key_len); ++ explicit_bzero(enc->key, enc->key_len); + free(enc->key); + } + + if (enc->iv) { +- memset(enc->iv, 0, enc->iv_len); ++ explicit_bzero(enc->iv, enc->iv_len); + free(enc->iv); + } + +- memset(enc, 0, sizeof(*enc)); ++ explicit_bzero(enc, sizeof(*enc)); + } + + void +@@ -1584,7 +1584,7 @@ newkeys_destroy(struct newkeys *newkeys) + + enc_destroy(&newkeys->enc); + mac_destroy(&newkeys->mac); +- memset(&newkeys->comp, 0, sizeof(newkeys->comp)); ++ explicit_bzero(&newkeys->comp, sizeof(newkeys->comp)); + } + + /* +Index: openssh-9.3p2/mac.c +=================================================================== +--- openssh-9.3p2.orig/mac.c ++++ openssh-9.3p2/mac.c +@@ -284,11 +284,11 @@ mac_destroy(struct sshmac *mac) + return; + + if (mac->key) { +- memset(mac->key, 0, mac->key_len); ++ explicit_bzero(mac->key, mac->key_len); + free(mac->key); + } + +- memset(mac, 0, sizeof(*mac)); ++ explicit_bzero(mac, sizeof(*mac)); + } + + /* XXX copied from ciphers_valid */ +Index: openssh-9.3p2/monitor.c +=================================================================== +--- openssh-9.3p2.orig/monitor.c ++++ openssh-9.3p2/monitor.c +@@ -1789,8 +1789,12 @@ mm_answer_audit_end_command(struct ssh * + void + monitor_clear_keystate(struct ssh *ssh, struct monitor *pmonitor) + { +- ssh_clear_newkeys(ssh, MODE_IN); +- ssh_clear_newkeys(ssh, MODE_OUT); ++ u_int mode; ++ ++ for (mode = 0; mode < MODE_MAX; mode++) { ++ ssh_clear_curkeys(ssh, mode); /* current keys */ ++ ssh_clear_newkeys(ssh, mode); /* next keys */ ++ } + sshbuf_free(child_state); + child_state = NULL; + } +Index: openssh-9.3p2/packet.c +=================================================================== +--- openssh-9.3p2.orig/packet.c ++++ openssh-9.3p2/packet.c +@@ -655,6 +655,7 @@ ssh_packet_close_internal(struct ssh *ss + ssh->local_ipaddr = NULL; + free(ssh->remote_ipaddr); + ssh->remote_ipaddr = NULL; ++ explicit_bzero(ssh->state, sizeof(*ssh->state)); + free(ssh->state); + ssh->state = NULL; + kex_free(ssh->kex); +@@ -783,8 +784,10 @@ compress_buffer(struct ssh *ssh, struct + case Z_OK: + /* Append compressed data to output_buffer. */ + if ((r = sshbuf_put(out, buf, sizeof(buf) - +- ssh->state->compression_out_stream.avail_out)) != 0) ++ ssh->state->compression_out_stream.avail_out)) != 0) { ++ explicit_bzero(buf, sizeof(buf)); + return r; ++ } + break; + case Z_STREAM_ERROR: + default: +@@ -819,8 +822,10 @@ uncompress_buffer(struct ssh *ssh, struc + switch (status) { + case Z_OK: + if ((r = sshbuf_put(out, buf, sizeof(buf) - +- ssh->state->compression_in_stream.avail_out)) != 0) ++ ssh->state->compression_in_stream.avail_out)) != 0) { ++ explicit_bzero(buf, sizeof(buf)); + return r; ++ } + break; + case Z_BUF_ERROR: + /* +@@ -870,6 +875,17 @@ uncompress_buffer(struct ssh *ssh, struc + #endif /* WITH_ZLIB */ + + void ++ssh_clear_curkeys(struct ssh *ssh, int mode) ++{ ++ struct session_state *state = ssh->state; ++ ++ if (state && state->newkeys[mode]) { ++ kex_free_newkeys(state->newkeys[mode]); ++ state->newkeys[mode] = NULL; ++ } ++} ++ ++void + ssh_clear_newkeys(struct ssh *ssh, int mode) + { + if (ssh->kex && ssh->kex->newkeys[mode]) { +@@ -1418,7 +1434,9 @@ ssh_packet_read_seqnr(struct ssh *ssh, u + } + + /* Append it to the buffer. */ +- if ((r = ssh_packet_process_incoming(ssh, buf, len)) != 0) ++ r = ssh_packet_process_incoming(ssh, buf, len); ++ explicit_bzero(buf, len); ++ if (r != 0) + goto out; + } + out: +@@ -2375,9 +2393,12 @@ ssh_packet_get_state(struct ssh *ssh, st + (r = sshbuf_put_u32(m, state->p_read.packets)) != 0 || + (r = sshbuf_put_u64(m, state->p_read.bytes)) != 0 || + (r = sshbuf_put_stringb(m, state->input)) != 0 || +- (r = sshbuf_put_stringb(m, state->output)) != 0) ++ (r = sshbuf_put_stringb(m, state->output)) != 0) { ++ sshbuf_obfuscate(m); + return r; ++ } + ++ sshbuf_obfuscate(m); + return 0; + } + +@@ -2496,6 +2517,8 @@ ssh_packet_set_state(struct ssh *ssh, st + size_t ilen, olen; + int r; + ++ sshbuf_unobfuscate(m); ++ + if ((r = kex_from_blob(m, &ssh->kex)) != 0 || + (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 || + (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 || +@@ -2509,7 +2532,7 @@ ssh_packet_set_state(struct ssh *ssh, st + (r = sshbuf_get_u64(m, &state->p_read.blocks)) != 0 || + (r = sshbuf_get_u32(m, &state->p_read.packets)) != 0 || + (r = sshbuf_get_u64(m, &state->p_read.bytes)) != 0) +- return r; ++ goto out; + /* + * We set the time here so that in post-auth privsep child we + * count from the completion of the authentication. +@@ -2518,10 +2541,10 @@ ssh_packet_set_state(struct ssh *ssh, st + /* XXX ssh_set_newkeys overrides p_read.packets? XXX */ + if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0 || + (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0) +- return r; ++ goto out; + + if ((r = ssh_packet_set_postauth(ssh)) != 0) +- return r; ++ goto out; + + sshbuf_reset(state->input); + sshbuf_reset(state->output); +@@ -2529,12 +2552,19 @@ ssh_packet_set_state(struct ssh *ssh, st + (r = sshbuf_get_string_direct(m, &output, &olen)) != 0 || + (r = sshbuf_put(state->input, input, ilen)) != 0 || + (r = sshbuf_put(state->output, output, olen)) != 0) +- return r; ++ goto out; + +- if (sshbuf_len(m)) +- return SSH_ERR_INVALID_FORMAT; ++ if (sshbuf_len(m)) { ++ r = SSH_ERR_INVALID_FORMAT; ++ goto out; ++ } ++ ++ r = 0; ++out: ++ if (r != 0) ++ sshbuf_obfuscate(m); + debug3_f("done"); +- return 0; ++ return r; + } + + /* NEW API */ +Index: openssh-9.3p2/packet.h +=================================================================== +--- openssh-9.3p2.orig/packet.h ++++ openssh-9.3p2/packet.h +@@ -103,6 +103,7 @@ void ssh_packet_close(struct ssh *); + void ssh_packet_set_input_hook(struct ssh *, ssh_packet_hook_fn *, void *); + void ssh_packet_clear_keys(struct ssh *); + void ssh_packet_clear_keys_noaudit(struct ssh *); ++void ssh_clear_curkeys(struct ssh *, int); + void ssh_clear_newkeys(struct ssh *, int); + + int ssh_packet_is_rekeying(struct ssh *); +Index: openssh-9.3p2/sshbuf.c +=================================================================== +--- openssh-9.3p2.orig/sshbuf.c ++++ openssh-9.3p2/sshbuf.c +@@ -309,6 +309,31 @@ sshbuf_mutable_ptr(const struct sshbuf * + return buf->d + buf->off; + } + ++/* Trivially obfuscate the buffer. This is used to make sensitive data ++ * (e.g. keystate) slightly less obvious if found lingering in kernel ++ * memory after being sent from the privsep child to its parent. ++ * ++ * Longer term we should consider using a one-time pad or a stream cipher ++ * here. */ ++void ++sshbuf_obfuscate(struct sshbuf *buf) ++{ ++ size_t i; ++ ++ if (sshbuf_check_sanity(buf) != 0 || buf->readonly || buf->refcount > 1) ++ return; ++ ++ for (i = buf->off; i < buf->size; i++) { ++ buf->d [i] ^= 0xaa; ++ } ++} ++ ++void ++sshbuf_unobfuscate(struct sshbuf *buf) ++{ ++ sshbuf_obfuscate(buf); ++} ++ + int + sshbuf_check_reserve(const struct sshbuf *buf, size_t len) + { +Index: openssh-9.3p2/sshbuf.h +=================================================================== +--- openssh-9.3p2.orig/sshbuf.h ++++ openssh-9.3p2/sshbuf.h +@@ -298,6 +298,9 @@ int sshbuf_write_file(const char *path, + int sshbuf_read(int, struct sshbuf *, size_t, size_t *) + __attribute__((__nonnull__ (2))); + ++void sshbuf_obfuscate(struct sshbuf *buf); ++void sshbuf_unobfuscate(struct sshbuf *buf); ++ + /* Macros for decoding/encoding integers */ + #define PEEK_U64(p) \ + (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ +Index: openssh-9.3p2/sshd.c +=================================================================== +--- openssh-9.3p2.orig/sshd.c ++++ openssh-9.3p2/sshd.c +@@ -272,6 +272,19 @@ static void do_ssh2_kex(struct ssh *); + static char *listener_proctitle; + + /* ++ * Clear some stack space. This is a bit naive, but hopefully helps mitigate ++ * information leaks due to registers and other data having been stored on ++ * the stack. Called after fork() and before exit(). ++ */ ++static void ++clobber_stack(void) ++{ ++ char data [32768]; ++ ++ explicit_bzero(data, 32768); ++} ++ ++/* + * Close all listening sockets + */ + static void +@@ -430,6 +443,8 @@ destroy_sensitive_data(struct ssh *ssh, + sensitive_data.host_certificates[i] = NULL; + } + } ++ ++ clobber_stack(); + } + + /* Demote private to public keys for network child */ +@@ -600,6 +615,8 @@ privsep_preauth(struct ssh *ssh) + static void + privsep_postauth(struct ssh *ssh, Authctxt *authctxt) + { ++ clobber_stack(); ++ + #ifdef DISABLE_FD_PASSING + if (1) { + #else +@@ -2360,6 +2377,7 @@ main(int ac, char **av) + if (use_privsep) { + mm_send_keystate(ssh, pmonitor); + ssh_packet_clear_keys(ssh); ++ clobber_stack(); + exit(0); + } + +@@ -2436,6 +2454,7 @@ main(int ac, char **av) + if (use_privsep) + mm_terminate(); + ++ clobber_stack(); + exit(0); + } + +@@ -2596,8 +2615,10 @@ cleanup_exit(int i) + /* cleanup_exit can be called at the very least from the privsep + wrappers used for auditing. Make sure we don't recurse + indefinitely. */ +- if (in_cleanup) ++ if (in_cleanup) { ++ clobber_stack(); + _exit(i); ++ } + in_cleanup = 1; + if (the_active_state != NULL && the_authctxt != NULL) { + do_cleanup(the_active_state, the_authctxt); +@@ -2623,5 +2644,7 @@ cleanup_exit(int i) + (!use_privsep || mm_is_monitor())) + audit_event(the_active_state, SSH_CONNECTION_ABANDON); + #endif ++ ++ clobber_stack(); + _exit(i); + } diff --git a/openssh.changes b/openssh.changes index 51c4223..db6ea98 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,133 @@ +------------------------------------------------------------------- +Fri Jul 5 17:49:06 UTC 2024 - Antonio Larrosa + +- Add patch from upstream to fix proxy multiplexing mode: + * 0001-upstream-fix-proxy-multiplexing-mode_-broken-when-keystroke.patch +- Add patch from upstream to restore correctly sigprocmask + * 0001-upstream-correctly-restore-sigprocmask-around-ppoll.patch +- Add patch from upstream to fix a logic error in + ObscureKeystrokeTiming that rendered this feature ineffective, + allowing a passive observer to detect which network packets + contained real keystrokes (bsc#1227318, CVE-2024-39894): + * 0001-upstream-when-sending-ObscureKeystrokeTiming-chaff-packets_.patch + +------------------------------------------------------------------- +Wed Jul 3 16:53:53 UTC 2024 - Antonio Larrosa + +- Add obsoletes for openssh-server-config-rootlogin since that + package existed for a brief period of time during SLE 15 SP6/ + Leap 15.6 development but even if it was removed from the + repositories before GM, some users might have it in their + systems from having tried a beta/RC release (boo#1227350). + +------------------------------------------------------------------- +Mon Jul 1 07:50:28 UTC 2024 - Antonio Larrosa + +- Add patch to fix a race condition in a signal handler by removing + the async-signal-unsafe code (CVE-2024-6387, bsc#1226642): + * fix-CVE-2024-6387.patch + +------------------------------------------------------------------- +Mon Jun 10 07:10:48 UTC 2024 - Antonio Larrosa + +- Add #include in some files added by the ldap patch to + fix build with gcc14 (boo#1225904). + * openssh-7.7p1-ldap.patch + +------------------------------------------------------------------- +Fri May 17 07:45:38 UTC 2024 - Antonio Larrosa + +- Remove the recommendation for openssh-server-config-rootlogin + from openssh-server. Since the default for that config option + was changed in SLE it's not needed anymore in SLE nor in TW + (boo#1224392). + +------------------------------------------------------------------- +Tue May 14 19:29:05 UTC 2024 - Antonio Larrosa + +- Add a warning in %post of openssh-clients, openssh-server and + openssh-server-config-disallow-rootlogin to warn the user if + the /etc/ssh/(ssh_config.d|sshd_config.d) directories are not + being used (bsc#1223486). + +------------------------------------------------------------------- +Mon May 13 15:27:37 UTC 2024 - Antonio Larrosa + +- Only for SLE15, restore the patch file removed in + Thu Feb 18 13:54:44 UTC 2021 to restore the previous behaviour + from SP5 of having root password login allowed by default + (fixes bsc#1223486, related to bsc#1173067): + * openssh-7.7p1-allow_root_password_login.patch +- Since the default value for this config option is now set to + permit root to use password logins in SLE15, the + openssh-server-config-rootlogin subpackage isn't useful there so + we now create an openssh-server-config-disallow-rootlogin + subpackage that sets the configuration the other way around + than openssh-server-config-rootlogin. + +------------------------------------------------------------------- +Mon Apr 15 13:21:50 UTC 2024 - Marcus Meissner + +- openssh-8.0p1-gssapi-keyex.patch: Added missing struct initializer, + added missing parameter (bsc#1222840) + +------------------------------------------------------------------- +Fri Apr 12 10:04:45 UTC 2024 - Antonio Larrosa + +- Make openssh-server recommend the openssh-server-config-rootlogin + package in SLE in order to keep the same behaviour of previous + SPs where the PermitRootLogin default was set to yes + (bsc#1221005). +- Fix crypto-policies requirement to be set by openssh-server, not + the config-rootlogin subpackage. +- Add back %config(noreplace) tag for more config files that were + already set like this in previous SPs. + +------------------------------------------------------------------- +Thu Apr 11 06:35:21 UTC 2024 - Arnav Singh + +- Fix duplicate loading of dropins. (boo#1222467) + +------------------------------------------------------------------- +Fri Apr 5 11:10:18 UTC 2024 - Antonio Larrosa + +- Add missing bugzilla/CVE references to the changelog + +------------------------------------------------------------------- +Thu Apr 4 12:23:13 UTC 2024 - Antonio Larrosa + +- Add patch from SLE which was missing in Factory: + * Mon Jun 7 20:54:09 UTC 2021 - Hans Petter Jansson +- Add openssh-mitigate-lingering-secrets.patch (bsc#1186673), which + attempts to mitigate instances of secrets lingering in memory + after a session exits. (bsc#1213004 bsc#1213008) +- Rebase patch: + * openssh-6.6p1-privsep-selinux.patch + +------------------------------------------------------------------- +Tue Apr 2 13:07:43 UTC 2024 - Martin Sirringhaus + +- Rebase openssh-7.7p1-fips.patch (bsc#1221928) + Remove OPENSSL_HAVE_EVPGCM-ifdef, which is no longer supported by + upstream + +------------------------------------------------------------------- +Tue Apr 2 11:23:05 UTC 2024 - Antonio Larrosa + +- Use %config(noreplace) for sshd_config . In any case, it's + recommended to drop a file in sshd_config.d instead of editing + sshd_config (bsc#1221063) +- Use %{_libexecdir} when removing ssh-keycat instead of the + hardcoded path so it works in TW and SLE. + +------------------------------------------------------------------- +Mon Mar 4 09:57:06 UTC 2024 - Pedro Monreal + +- Add crypto-policies support [bsc#1211301] + * Add patches: + - openssh-9.6p1-crypto-policies.patch + - openssh-9.6p1-crypto-policies-man.patch + ------------------------------------------------------------------- Sun Feb 25 18:26:23 UTC 2024 - Hans Petter Jansson @@ -10,7 +140,8 @@ Sun Feb 25 18:26:23 UTC 2024 - Hans Petter Jansson protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. A peer SSH client/server - would not be able to detect that messages were deleted. + would not be able to detect that messages were deleted + (bsc#1217950, CVE-2023-48795). * ssh-agent(1): when adding PKCS#11-hosted private keys while specifying destination constraints, if the PKCS#11 token returned multiple keys then only the first key had the constraints applied. @@ -22,7 +153,8 @@ Sun Feb 25 18:26:23 UTC 2024 - Hans Petter Jansson user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what - quoting was present in the user-supplied ssh_config(5) directive. + quoting was present in the user-supplied ssh_config(5) directive + (bsc#1218215, CVE-2023-51385). = Potentially incompatible changes * ssh(1), sshd(8): the RFC4254 connection/channels protocol provides @@ -262,14 +394,14 @@ Wed Sep 27 06:28:57 UTC 2023 - Thorsten Kukuk ------------------------------------------------------------------- Fri Jul 21 02:48:58 UTC 2023 - Simon Lees -- Update to openssh 9.3p2 (bsc#1213504, CVE-2023-38408): +- Update to openssh 9.3p2: Security ======== - Fix CVE-2023-38408 - a condition where specific libaries loaded via + Fix a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following - conditions are met: + conditions are met (bsc#1213504, CVE-2023-38408): * Exploitation requires the presence of specific libraries on the victim system. @@ -1025,7 +1157,7 @@ Tue Sep 28 17:50:57 UTC 2021 - Hans Petter Jansson Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to - gain unintended privilege. + gain unintended privilege (bsc#1190975, CVE-2021-41617). Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5). @@ -1224,7 +1356,7 @@ Tue Sep 28 17:50:57 UTC 2021 - Hans Petter Jansson * ssh-agent(1): fixed a double-free memory corruption that was introduced in OpenSSH 8.2 . We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker - with access to the agent socket. + with access to the agent socket (bsc#1183137, CVE-2021-28041) = Potentially-incompatible changes * ssh(1), sshd(8): this release changes the first-preference signature @@ -2253,7 +2385,9 @@ Tue Oct 9 11:01:40 UTC 2018 - Tomáš Chvátal * openssh-7.7p1-fips.patch * openssh-7.7p1-cavstest-ctr.patch * openssh-7.7p1-cavstest-kdf.patch - * openssh-7.7p1-fips_checks.patch + * openssh-7.7p1-fips_checks.patch . Close the right + filedescriptor to avoid fd leads, and also close fdh in + read_hmac (bsc#1209536). * openssh-7.7p1-seed-prng.patch * openssh-7.7p1-systemd-notify.patch * openssh-7.7p1-gssapi_key_exchange.patch diff --git a/openssh.spec b/openssh.spec index 72ddb17..e1f899b 100644 --- a/openssh.spec +++ b/openssh.spec @@ -28,8 +28,10 @@ %if 0%{?suse_version} >= 1550 %bcond_without wtmpdb +%bcond_with allow_root_password_login_by_default %else %bcond_with wtmpdb +%bcond_without allow_root_password_login_by_default %endif #Compat macro for new _fillupdir macro introduced in Nov 2017 @@ -116,12 +118,27 @@ Patch49: openssh-do-not-send-empty-message.patch Patch50: openssh-openssl-3.patch Patch51: wtmpdb.patch Patch52: logind_set_tty.patch +Patch54: openssh-mitigate-lingering-secrets.patch Patch100: fix-missing-lz.patch Patch102: openssh-7.8p1-role-mls.patch Patch103: openssh-6.6p1-privsep-selinux.patch Patch104: openssh-6.6p1-keycat.patch Patch105: openssh-6.6.1p1-selinux-contexts.patch Patch106: openssh-7.6p1-cleanup-selinux.patch +# PATCH-FIX-OPENSUSE bsc#1211301 Add crypto-policies support +Patch107: openssh-9.6p1-crypto-policies.patch +Patch108: openssh-9.6p1-crypto-policies-man.patch +# PATCH-FIX-UPSTREAM bsc#1226642 fix CVE-2024-6387 +Patch109: fix-CVE-2024-6387.patch +# PATCH-FIX-UPSTREAM +Patch110: 0001-upstream-fix-proxy-multiplexing-mode_-broken-when-keystroke.patch +# PATCH-FIX-UPSTREAM +Patch111: 0001-upstream-correctly-restore-sigprocmask-around-ppoll.patch +# PATCH-FIX-UPSTREAM bsc#1227318 CVE-2024-39894 +Patch112: 0001-upstream-when-sending-ObscureKeystrokeTiming-chaff-packets_.patch +%if 0%{with allow_root_password_login_by_default} +Patch1000: openssh-7.7p1-allow_root_password_login.patch +%endif BuildRequires: audit-devel BuildRequires: automake BuildRequires: groff @@ -186,12 +203,19 @@ clients. Summary: SSH (Secure Shell) server Group: Productivity/Networking/SSH Requires: %{name}-common = %{version}-%{release} +Requires: crypto-policies >= 20220824 Recommends: audit Requires(pre): findutils Requires(pre): grep Requires(post): %fillup_prereq Requires(post): permissions Provides: openssh:%{_sbindir}/sshd +%if 0%{with allow_root_password_login_by_default} +# For a brief period of time this package existed in SLE/Leap. +# It was removed before GM but some people might have it from +# a beta distribution version (boo#1227350) +Obsoletes: openssh-server-config-rootlogin <= %{version} +%endif %sysusers_requires %description server @@ -206,20 +230,36 @@ also be forwarded over the secure channel. This package contains the Secure Shell daemon, which allows clients to securely connect to your server. +%if 0%{with allow_root_password_login_by_default} +%package server-config-disallow-rootlogin +Summary: Config to disallow password root logins to sshd +Group: Productivity/Networking/SSH +Requires: %{name}-server = %{version}-%{release} +Conflicts: %{name}-server-config-rootlogin + +%description server-config-disallow-rootlogin +The openssh-server package by default allows password based +root logins. This package provides a config that disallows root +to log in using the passwor. It's useful to secure your system +preventing password attacks on the root account over ssh. +%else %package server-config-rootlogin Summary: Config to permit root logins to sshd Group: Productivity/Networking/SSH Requires: %{name}-server = %{version}-%{release} +Conflicts: %{name}-server-config-disallow-rootlogin %description server-config-rootlogin The openssh-server package by default disallows password based root logins. This package provides a config that does. It's useful to temporarily have a password based login to be able to use ssh-copy-id(1). +%endif %package clients Summary: SSH (Secure Shell) client applications Group: Productivity/Networking/SSH +Requires: crypto-policies >= 20220824 Requires: %{name}-common = %{version}-%{release} Provides: openssh:%{_bindir}/ssh @@ -360,7 +400,11 @@ install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir} install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1 sed -i -e s@%{_prefix}/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config +%if 0%{with allow_root_password_login_by_default} +echo "PermitRootLogin prohibit-password" > %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/51-permit-root-login.conf +%else echo "PermitRootLogin yes" > %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/50-permit-root-login.conf +%endif # Move /etc to /usr/etc/ssh %if %{defined _distconfdir} @@ -368,8 +412,19 @@ mkdir -p %{buildroot}%{_distconfdir}/ssh/ssh{,d}_config.d mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_distconfdir}/ssh/ mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_distconfdir}/ssh/ mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_distconfdir}/ssh/ +%if 0%{with allow_root_password_login_by_default} +mv %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/51-permit-root-login.conf %{buildroot}%{_distconfdir}/ssh/sshd_config.d/51-permit-root-login.conf +%else mv %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/50-permit-root-login.conf %{buildroot}%{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf %endif +%endif + +install -m 644 ssh_config_suse %{buildroot}%{_sysconfdir}/ssh/ssh_config.d/50-suse.conf +%if %{defined _distconfdir} +install -m 644 sshd_config_suse_cp %{buildroot}%{_distconfdir}/ssh/sshd_config.d/40-suse-crypto-policies.conf +%else +install -m 644 sshd_config_suse_cp %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/40-suse-crypto-policies.conf +%endif %if 0%{?suse_version} < 1550 # install firewall definitions @@ -388,7 +443,7 @@ install -D -m 0755 %{SOURCE9} %{buildroot}%{_sbindir}/sshd-gen-keys-start mkdir -p %{buildroot}%{_sysusersdir} install -m 644 %{SOURCE14} %{buildroot}%{_sysusersdir}/sshd.conf -rm %{buildroot}/usr/libexec/ssh/ssh-keycat +rm %{buildroot}%{_libexecdir}/ssh/ssh-keycat #rm -r %{buildroot}/usr/lib/debug/.build-id # the hmac hashes - taken from openssl @@ -422,6 +477,15 @@ test -f /etc/ssh/sshd_config.rpmsave && mv -v /etc/ssh/sshd_config.rpmsave /etc/ %{fillup_only -n ssh} %service_add_post sshd.service +%if ! %{defined _distconfdir} +test -f /etc/ssh/sshd_config && (grep -q "^Include /etc/ssh/sshd_config\.d/\*\.conf" /etc/ssh/sshd_config || ( \ + echo "WARNING: /etc/ssh/sshd_config doesn't include config files from" + echo " /etc/ssh/sshd_config.d/ . The crypto-policies configuration won't" + echo "be honored until the following line is added at the start of" + echo "/etc/ssh/sshd_config :" + echo "Include /etc/ssh/sshd_config.d/*.conf" ) ) ||: +%endif + %preun server %service_del_preun sshd.service @@ -435,6 +499,16 @@ else %service_del_postun sshd.service fi +%if ! %{defined _distconfdir} +%post server-config-disallow-rootlogin +test -f /etc/ssh/sshd_config && (grep -q "^Include /etc/ssh/sshd_config\.d/\*\.conf" /etc/ssh/sshd_config || ( \ + echo "WARNING: /etc/ssh/sshd_config doesn't include config files from" + echo " /etc/ssh/sshd_config.d/ . The config file installed by" + echo "openssh-server-config-disallow-rootlogin won't be used until" + echo "the following line is added at the start of /etc/ssh/sshd_config :" + echo "Include /etc/ssh/sshd_config.d/*.conf" ) ) ||: +%endif + %if %{defined _distconfdir} %posttrans server # Migration to /usr/etc. @@ -448,6 +522,16 @@ test -f /etc/ssh/sshd_config.rpmsave && mv -v /etc/ssh/sshd_config.rpmsave /etc/ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config.rpmsave.old ||: %endif +%if ! %{defined _distconfdir} +%post clients +test -f /etc/ssh/ssh_config && (grep -q "^Include /etc/ssh/ssh_config\.d/\*\.conf" /etc/ssh/ssh_config || ( \ + echo "WARNING: /etc/ssh/ssh_config doesn't include config files from" + echo " /etc/ssh/ssh_config.d/ . The crypto-policies configuration won't" + echo "be honored until the following line is added at the start of" + echo "/etc/ssh/ssh_config :" + echo "Include /etc/ssh/ssh_config.d/*.conf" ) ) ||: +%endif + %if %{defined _distconfdir} %posttrans clients # Migration to /usr/etc. @@ -472,7 +556,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss %attr(0755,root,root) %dir %{_distconfdir}/ssh/ssh_config.d %else %attr(0755,root,root) %dir %{_sysconfdir}/ssh -%attr(0600,root,root) %{_sysconfdir}/ssh/moduli +%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli %attr(0755,root,root) %dir %{_sysconfdir}/ssh/ssh_config.d %endif %attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1* @@ -488,12 +572,17 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss %if %{defined _distconfdir} %attr(0755,root,root) %dir %{_distconfdir}/ssh %attr(0755,root,root) %dir %{_distconfdir}/ssh/sshd_config.d -%attr(0640,root,root) %{_distconfdir}/ssh/sshd_config +%attr(0640,root,root) %config(noreplace) %{_distconfdir}/ssh/sshd_config %attr(0644,root,root) %{_pam_vendordir}/sshd %else -%attr(0640,root,root) %{_sysconfdir}/ssh/sshd_config +%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd %endif +%if %{defined _distconfdir} +%attr(0600,root,root) %config(noreplace) %{_distconfdir}/ssh/sshd_config.d/40-suse-crypto-policies.conf +%else +%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/40-suse-crypto-policies.conf +%endif %attr(0644,root,root) %{_unitdir}/sshd.service %attr(0644,root,root) %{_sysusersdir}/sshd.conf %attr(0444,root,root) %{_mandir}/man5/sshd_config* @@ -511,19 +600,29 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss %config %{_fwdefdir}/sshd %endif +%if 0%{with allow_root_password_login_by_default} +%files server-config-disallow-rootlogin +%if %{defined _distconfdir} +%{_distconfdir}/ssh/sshd_config.d/51-permit-root-login.conf +%else +%config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/51-permit-root-login.conf +%endif +%else %files server-config-rootlogin %if %{defined _distconfdir} %{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf %else -%{_sysconfdir}/ssh/sshd_config.d/50-permit-root-login.conf +%config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/50-permit-root-login.conf +%endif %endif %files clients %dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/50-suse.conf %if %{defined _distconfdir} %attr(0644,root,root) %{_distconfdir}/ssh/ssh_config %else -%attr(0644,root,root) %{_sysconfdir}/ssh/ssh_config +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config %endif %attr(0755,root,root) %{_bindir}/ssh %attr(0755,root,root) %{_bindir}/scp*